Bruno Wolff III wrote:
> On Mon, Jan 12, 2004 at 07:42:41 -0800,
> Bill Moseley <moseley@hank.org> wrote:
>
>>I don't know php, but is it (or Apache) running as user russell? If
>>not, then you can't authorize by IDENT.
>
> It is possible to authenticate using ident using a map that says the
> webserver account is allowed to use the db account "russell". The web server
> must either be on the same machine uisng domain sockets for connecting
> (which looks to be the case here) or be running an ident server.
>
> If you do this you are implicitly trusting the web server account, which
> might not be a good idea in some circumstances. You might want to create
> a separate db account for the web server with miminal privileges needed
> for its task.
In pg_ident.conf, i put:
# MAPNAME IDENT-USERNAME PG-USERNAME
apache www-data russell
apache russell russell
This works:
psql -U russell parts_list
This doesn't:
psql -U www-data parts_list
It says: psql: FATAL: IDENT authentication failed for user "www-data"
I've tried adding -h localhost also.
How can i test the identd server for user www-data?
www-data is in /etc/passwd, and i can also su to it.
